32 lines
720 B
YAML
32 lines
720 B
YAML
version: "1.0"
|
|
metadata:
|
|
description: Relaxed internal/development policy
|
|
tags:
|
|
- internal
|
|
- dev
|
|
rules:
|
|
- name: Block KEV advisories
|
|
tags: [kev]
|
|
action: block
|
|
|
|
- name: Warn medium severity
|
|
severity: [Medium]
|
|
environments: [internal]
|
|
action: warn
|
|
|
|
- name: Accept vendor VEX
|
|
action:
|
|
type: require_vex
|
|
requireVex:
|
|
vendors: [VendorX, VendorY]
|
|
justifications:
|
|
- component_not_present
|
|
- vulnerable_code_not_present
|
|
|
|
- name: Quiet low severity
|
|
severity: [Low, Informational]
|
|
action:
|
|
type: ignore
|
|
until: 2026-01-01T00:00:00Z
|
|
justification: "Deferred to annual remediation cycle"
|